COMP38411: 2013/2014 Exam Solutions 

Setter: Ning Zhang 
Moderator: Richard Banach 

Answer any THREE Questions from the FOUR questions provided; closed book examination; two hours duration. 



Question 1: 



(a) [8 marks] 

• A stream cipher is better suited to voice communication, as the data stream is continuous and 
requires less jitter; a block cipher is more suited to web browsing as it is more secure and the 
data length is known prior to data transmissions. (2 marks) 

• Stream ciphers: (property, pro and con - minimum one point from each category 
(property, pros and cons) and 1 mark for each point; max 3 marks) 

❖ encrypt one bit or byte at a time; 

❖ stream ciphers are less secure unless the keystream is non-repeating; 

❖ a stream cipher is typically faster than block ciphers and thus preferable in continuous 
communications, such as voice communications and streamed voice, which require less 
jitter; as it works on bits or bytes, an error in one bit/byte does not affect other data, so it is 
more suited to links with high error rates or that often have interruptions on the 
line, e.g. in the case of wireless communications and TV broadcasting; it requires less 
memory, so it is cheaper to implement in resource-constrained devices. 

• Block ciphers: (property, pro and con - minimum one point from each category and 1 
mark for each point; max 3 marks) 

❖ block ciphers work on larger chunks of data at a time (i.e. each has a block size) 
and often combine/chain blocks for additional security (e.g. AES in CBC mode); 

❖ Because block ciphers encrypt a whole block at a time (and have "feedback" modes 
which are strongly recommended), they are slower, require more memory and are more 
susceptible to noise in transmission, that is, if there is one bit error in the data, all the 
rest is probably unrecoverable. The last property is good for security but not good for 
noisy channels. 

❖ Block ciphers can be used to construct stream ciphers and MAC functions thus 
providing integrity service. 



(b) [8 marks] 

• Assuming that the ciphertext blocks are c1, c2 and c3; 

• When ECB is used, the encryption operations are: c1 = E_K(m1), c2 = E_K(m2), c3 = E_K(m3); and the 
decryption operations are: m1 = D_K(c1), m2 = D_K(c2), m3 = E_K(c3). (2 marks) 

• When CBC mode is used: c1 = E_K(m1 xor C0), c2 = E_K(m2 xor c1), c3 = E_K(m3 xor c2); and the 
decryption operations are: m1 = D_K(c1) xor C0, m2 = D_K(c2) xor c1, m3 = E_K(c3) xor c2. (2 
marks) 

• Properties: with the ECB mode, the three blocks are each processed independently; whereas with the 
CBC mode, ciphertext block Cj depends on Mj and all preceding plaintext blocks; thus repeated 
patterns in the plaintext are concealed by the feedback; also, using different C0s in different 
encryption operations means that the same plaintext produces different ciphertext blocks. (4 
marks) 



(c) [4 marks] 

(i) Using counter mode: a block cipher for keystream generation, and the encryption and decryption 
operations are carried out using xor. (2 marks) 




(ii) 



• This is CBC-MAC: here the Block Cipher is AES, and, as shown in the figure below, the 
output of the last block is the MAC. (1 mark) 



[Figure: CBC-MAC; label: Plain Text Message Input] 




• The sender and receiver share a unique symmetric key, K; the use of MAC for integrity 
protection: the MAC generated by the sender is sent to the receiver, and the receiver uses his 
copy of the symmetric key and the message received to generate another MAC; if 
the two MACs are equal, then the integrity of the message is assured. (1 mark) 
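
The modes in parts (b) and (c) can be compared side by side in the following added example, which is not part of the original solutions. It assumes a constructed toy Feistel cipher in place of AES (the names `E`, `D`, `ecb_encrypt`, `cbc_encrypt`, `cbc_decrypt`, `ctr_xor`, `cbc_mac` and `mac_ok` are hypothetical) and an 8-byte nonce for counter mode.

```python
import hashlib, hmac
BLOCK = 16  # bytes per block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function: keyed hash truncated to half a block
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def E(key, block):
    # Toy 4-round Feistel cipher standing in for AES (constructed, NOT secure)
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def D(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):      # undo the rounds in reverse order
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def ecb_encrypt(key, blocks):
    return [E(key, m) for m in blocks]  # c_j = E_K(m_j), each block independent

def cbc_encrypt(key, c0, blocks):
    out, prev = [], c0
    for m in blocks:
        prev = E(key, xor(m, prev))     # c_j = E_K(m_j xor c_{j-1})
        out.append(prev)
    return out

def cbc_decrypt(key, c0, blocks):
    prevs = [c0] + blocks[:-1]          # m_j = D_K(c_j) xor c_{j-1}
    return [xor(D(key, c), p) for c, p in zip(blocks, prevs)]

def ctr_xor(key, nonce, data):
    # Keystream block i = E_K(nonce || i); the same call encrypts and decrypts
    n_blocks = -(-len(data) // BLOCK)
    ks = b"".join(E(key, nonce + i.to_bytes(8, "big")) for i in range(n_blocks))
    return xor(data, ks)

def cbc_mac(key, blocks):
    # CBC with an all-zero C0; only the last ciphertext block is kept as the MAC
    return cbc_encrypt(key, bytes(BLOCK), blocks)[-1]

def mac_ok(key, blocks, received_mac):
    return hmac.compare_digest(cbc_mac(key, blocks), received_mac)
```

With m1 = m2, ECB gives c1 = c2 while CBC does not, and a different C0 changes every CBC ciphertext block.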

Question 2: 



(a) [6 marks in total] 

• Cryptographic key management is important as the security of the system is dependent on the 
security of the keys; usually cryptographic algorithms are in public domain - think about the 
weakest link principle. (2 marks) 

• The two major issues are: 

➢ All keys need to be protected against unauthorized substitutions and modifications. (2 marks) 

➢ Secret and private keys need to be protected against unauthorized disclosure. (2 marks) 

Optional answer to the 'major issues': 

➢ The issues encompass secure key generation, storage, distribution, and 
destruction/replacement/revocation. (4 marks) 

(b) [6 marks in total] 

■ The major concern for public key distribution is how to make sure that the public key is 
trustworthy. (2 marks) 

■ The concern is tackled by using PKI - trusted third parties (certificate authorities, or CAs, 
registration authorities, or RAs) for entity identification and registrations (1 mark), issuance of 
digital certificates (1 mark), the facility for the revocation of digital certificates (1 mark); as a 
digital certificate binds an entity's public key (+ one/more attributes) to its identity (the entity 
= person, hardware device, software process) - it is digitally signed by the CA (1 mark), so if 
you trust the CA, then you trust the public key signed by the CA. 

(c) [8 marks in total] 

Approach 1 - Key Establishment Protocol without any use of a public-key cipher (3 marks): 
when a party A wants to establish secure communication with another party B without any secret key 
previously agreed, a trusted third party S has to be used where S shares a secret key with each of A 
and B. A can request S to generate a secret key and then to pass the key to A and B securely using the 
shared keys with S, respectively. The following level of depth should be provided: 




Optional answers (only 1 mark is awarded for this answer) - If A has a secret key already shared 
with B, A can generate a new key and send it to B securely using the shared key, without any 
involvement of S. 

Approach 2 - Key Establishment Protocol with the use of a public-key cipher (3 marks): 

• Optional Answer 1: Using the Diffie-Hellman protocol to establish a symmetric key Kab, 
given below: 



Alice: 
    Generate random & private X_a < n; 
    Calculate public Y_a = g^(X_a) mod n 

Bob: 
    Generate random & private X_b < n; 
    Calculate public Y_b = g^(X_b) mod n 

Alice and Bob exchange the public values Y_a and Y_b. 

Alice: 
    Calculate K_ab = Y_b^(X_a) mod n 
                   = g^(X_a X_b) mod n 

Bob: 
    Calculate K_ab = Y_a^(X_b) mod n 
                   = g^(X_a X_b) mod n 



• Optional Answer 2: Using public-key cipher encryption: One of the two parties, say A, 
generates a symmetric key and encrypts the key using B's public key before sending the 
encrypted key to B. 
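
The Diffie-Hellman exchange of Optional Answer 1, as an added example that is not part of the original solutions. The parameters `N` and `G` are toy values constructed for illustration, the function names are hypothetical, and hashing K_ab down to a symmetric key with SHA-256 is an assumption of this sketch.

```python
import hashlib, secrets

# Toy public parameters (constructed for illustration; far too small for real use)
N = 2**127 - 1   # a Mersenne prime used as the modulus n
G = 3            # public base g

def keypair():
    x = secrets.randbelow(N - 3) + 2      # private X with 2 <= X <= n - 2
    return x, pow(G, x, N)                # (X, Y = g^X mod n)

def shared_key(own_private, peer_public):
    # Reject degenerate public values that would force a predictable K_ab
    if not 2 <= peer_public <= N - 2:
        raise ValueError("peer public value out of range")
    k_ab = pow(peer_public, own_private, N)   # K_ab = Y_peer^X_own mod n
    # Hash the group element down to a 256-bit symmetric key
    return hashlib.sha256(k_ab.to_bytes(16, "big")).digest()

def exchange():
    xa, ya = keypair()                    # Alice
    xb, yb = keypair()                    # Bob
    # Only ya and yb cross the wire; xa and xb never leave their owners
    return shared_key(xa, yb), shared_key(xb, ya)
```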

Contrast of the two approaches (2 marks for each bullet point; maximum 2 marks): 

• Approach 1 requires the use of an on-line trusted third party (TTP), whereas approach 2 only 
requires the use of an off-line TTP. 

• Approach 1 does not require communication parties to have key generation capability, whereas 
approach 2 does. 

Question 3: 

(a) (12 marks) each method/protocol is assigned with 3 marks; the total is 12 marks. 



Protocol 1: Using keyed hash function 

Assumptions (1 mark): 

Using keyed hash function, H; 
Two entities share a secret key, K; it is assumed that the secret key has been 
distributed to the two entities in a secure and authentic manner; 
The nonce is a random number. 

Protocol & Verification (2 marks): 

1. Bob -> Alice: Nonce; 

2. Alice -> Bob: H(K||Nonce). 

Bob will compute a fresh hash value using his copy of the key and nonce. If the two hash 
values are equal, then authentication is positive. 



Protocol 2: Using symmetric encryption 

Assumptions (1 mark): 

Using a symmetric encryption algo, E; 
Two entities share a secret key, K; it is assumed that the secret key has been 
distributed to the two entities in a secure and authentic manner; 
The nonce is a random number. 

Protocol & Verification (2 marks): 

1. Bob -> Alice: Nonce; 

2. Alice -> Bob: E(K, Nonce). 

Bob will decrypt the response using his copy of the key. If the nonce is correct, then 
authentication is positive. 



Protocol 3: Using Alice's public key 

Assumptions (1 mark): 

Using a public key algo, E; 
Bob has Alice's public key certificate (thus her certified public key); 
Alice's public key certificate is signed by a trusted CA; 
The nonce is a random number. 

Protocol & Verification (2 marks): 

1. Bob -> Alice: EU(KUa, Nonce); 

2. Alice -> Bob: Nonce. 

Bob encrypts the nonce using Alice's public key, and Alice has to have the corresponding 
private key in order to do the decryption. If the nonce returned from Alice is correct, then 
authentication is positive. 



Protocol 4: Alice generating a digital signature 

Assumptions (1 mark): 

Using a public key algo, E; 
Bob has Alice's public key certificate (thus her certified public key); 
Alice's public key certificate is signed by a trusted CA; 
The nonce is a random number. 

Protocol & Verification (2 marks): 

1. Bob -> Alice: Nonce; 

2. Alice -> Bob: Nonce||E(KRa, h(Nonce)) 

Bob sends Alice a nonce, and Alice signs the nonce using her private key. To verify the 
response, Bob verifies Alice's signature using her public key. If the signature is positive, then 
authentication is positive. 



Other protocols, so long as they are challenge-response ones, shall also be considered. 
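
Protocol 1 as runnable code, given here as an added example that is not part of the original solutions. It assumes SHA-256 as the hash H, and the names `Verifier` and `respond` are hypothetical; the verifier also tracks issued nonces so that a replayed response is rejected.

```python
import hashlib, hmac, secrets

class Verifier:
    """Bob: issues nonces and checks Alice's H(K || Nonce) response."""

    def __init__(self, key):
        self.key = key
        self.outstanding = set()            # nonces issued and not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(16)     # random nonce from the OS CSPRNG
        self.outstanding.add(nonce)
        return nonce                        # message 1: Bob -> Alice: Nonce

    def verify(self, nonce, response):
        if nonce not in self.outstanding:   # unknown or already-used nonce
            return False
        self.outstanding.discard(nonce)     # each nonce is accepted at most once
        # Bob computes a fresh hash value with his copy of the key and the nonce
        expected = hashlib.sha256(self.key + nonce).digest()
        return hmac.compare_digest(expected, response)

def respond(key, nonce):
    # Alice, message 2: Alice -> Bob: H(K || Nonce)
    return hashlib.sha256(key + nonce).digest()
```
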
(b) [8 marks] 



Columns: Protocols; Performance; Factors, requirements or considerations 
(mark assignments are indicated below; max 8 marks) 

Protocol 1 
Performance: Most efficient 
Factors, requirements or considerations: 

• Hash function should be cryptographically secure; (2 marks) 

• Confidential and authentic channel for key distribution. (1 mark) 

Protocol 2 
Performance: Medium efficient 
Factors, requirements or considerations: 

• Confidential and authentic channel for key distribution. 

Protocol 3 
Performance: Least efficient 
Factors, requirements or considerations: 

• Public key should be certified, the CA should be trustworthy, and there should 
be revocation facilities. (2 marks) 

Protocol 4 
Performance: Least efficient 
Factors, requirements or considerations: 

• Same as protocol 3. 

For all the protocols 
Factors, requirements or considerations: 

• The nonce should be truly random, or timestamp should be tamper-resistant. 
(1 mark) 

• Key lengths should be sufficiently long and use good random number 
generators. (2 marks) 

Other correct answers will also be considered. 

Question 4: 



Table: Major Security Risks and Mitigation Measures in Mobile Banking and Payments [1] 



Risks (any 5 risks will do; 2 marks for each risk box; total 10 marks) 



Suggested Mitigation Measures (2 marks for each measure, (a) or (b) or (c); total 10 marks); 
other correct answers will also be considered. 



1. Mobile device is more susceptible to loss 
or theft 

* leads to loss of private information, thus 
privacy compromise; loss of asset, financial 
loss and/or inconvenience. 



a) Customer education (importance of 
choosing/using good passwords, how to choose a 
strong password, lock the device after timeout, 
updating OS and applications, danger of 'jailbroken' 
device, use encryption and anti-virus software) 

b) Implementation of remote wipe, passcode and 
automatic lock out 



2. SMS (Short Messaging Service) 
vulnerabilities 



a) SMS should not be used as a channel for money 
movement and other high risk transactions 



3. Users are more likely to store sensitive 
information on their devices 
*so an unauthorised access to the sensitive 
info may lead to privacy compromise, etc. 



a) Customer education 

b) Device encryption 

c) Ensure applications do not store customer 
sensitive data locally 



4. Malware, e.g. viruses, worms, Trojans, key 
logging, etc. 

*malware can be used to steal information 
such as bank account details which may lead 
to financial loss; or passcode so attacker can 
hack into the phone and spoof the customer to 
perform authorised transactions, etc. 



a) Mobile malware protection - regular anti- 
malware screening. 

b) Don't jailbreak your device 



5. Malicious applications 

*can do virtually anything, e.g. as those listed 

in the box above. 



a) Customer Education 

b) Only use reputable sites to download apps 

c) Ensure that apps are tested for security 



6. Privacy violations (e.g. legitimate 
applications pass user data to other 
applications or 3rd parties in an unauthorized 
manner and this may lead to loss of privacy, 
targeted marketing, etc.) 



a) Customer education 

b) Security testing of applications and data handling 



7. Risks introduced by wireless carrier 
infrastructure 

*eavesdropping, breach of confidentiality and 
privacy, alteration of messages, spoofing. 



Vet the security of the carrier infrastructure and 
services through targeted questions 



8. Risks introduced by payment systems 
infrastructure 

*spoofing, financial loss, unauthorized 
payments, etc. 



a) Ensure the point of sale device vulnerabilities are 
addressed 

b) Utilize EMV (Europay, MasterCard and Visa) 
where possible 



9. Hardware and OS (Operating System) 
vulnerabilities 

*any of the harm mentioned above can be 
potentially realized by these. 



a) Ensure that software updates are being pushed to 
devices 



10. Lack of maturity in fraud tools and 
controls. 

*can not detect fraud promptly . . . lead to 
more loss/damages. 



a) Extend current online fraud tools and controls 
to the mobile channel 

b) Secure provisioning/de-provisioning 



11. Risks introduced owing to 
networking/Internetworking, e.g. Phishing 
attack; 

privacy breach, loss of information, etc. 



Mutual authentication between a user and a server, 
and use of a strong authentication method, e.g. a 
certificate based authentication method where the 
private key is stored in a hardware device (which is 
hard to tamper with and provides two factor authentication) 



12. Pharming attack - Divert traffic from a 
legitimate website to an attacker's website 


Countermeasures include: server-side anti-phishing, 
browser-side anti-phishing solutions, DNS protection, 
strong mutual authentication, malware screening, etc 


13. Password database theft - Hack into the 
server or using malware to steal users' 
credentials. 


Avoid storing plain-text passwords on servers (e.g. 
using hashed password solution), make password- 
guessing attack more difficult (e.g. using more secure 
hash functions or salt), and better protect password 
file (e.g. use password shadow file). In addition, users 
should avoid using the same user ID and password 
combination for multiple sites! 


14. Man-in-the-Middle (MitM) attack - An 
attacker (e.g. a malware) located between the 
user and the server intercepts or alters data sent 
between the two entities. 


Using SSL plus mutually trustworthy certification 
authority, or one-time-password, or multifactor 
authentication 


15. Man-in-the-Browser (MitB) attack - This 
is a variant of MitM attack; a malware in an 
infected Internet browser could intercept 
and/or modify data sent by the user before the 
data reaches the browser's security 
mechanism. 


Regular anti-malware screening, and, in the case of 
on-line banking, use strong authentication combined 
with out-of-band transaction verification, or use 
trusted browser. 


Other threats/attacks will also be 
considered. 





[1] Vanessa Pegueros, Security of Mobile Banking and Payments, SANS Institute InfoSec Reading Room, 
http://www.sans.org/reading_room/whitepapers/ecommerce/security-mobile-banking-payments_34062. 

[2] White Paper: Top Online Banking Threats to Financial Service Providers in 2010, by SafeNet - The Foundation of 
Information Security. 